Plenty of MSPs are striving to become managed security services providers (MSSPs). But transforming into a full-blown MSSP requires a complex mix of talent and technology. Instead of making lofty investments, many MSPs are looking to partner up with established MSSPs.
That's where Gartner's Magic Quadrant for MSSPs potentially enters the picture. Here's a synopsis of the 2017 rankings, along with MSSP Alert's partner spin on the situation.
On to the Gartner Magic Quadrant. Companies are sorted alphabetically...
Here endeth MSSP Alert's look at Gartner's Magic Quadrant for MSSPs in 2017.
1. AT&T (Challengers Quadrant)
Gartner's Strengths:
- AT&T offers mature security management and monitoring services, along with flexible delivery options (e.g., AT&T NetBond service and its FlexWare platform), that are attractive to buyers seeking security controls and services as components of their managed network infrastructure.
- The Threat Manager—Log Analysis portal represents an opportunity to provide a richer and more functional interface to AT&T managed security customers than is available in the current portals.
- AT&T continues to invest in its capabilities in its unified delivery organization for MSSs, including incident response/forensics offerings.
- AT&T is adding capabilities to the portal for its Threat Manager—Log Analysis service during 2017.
- Potential customers should validate that the roadmap for portal features to support investigation, workflow and reporting will meet their requirements.
- MSS customers use separate portals for device management and security monitoring services. AT&T plans to unify these in 2017. The vendor provides 24/7 support for threat monitoring and management, via U.S.- or Europe-based SOCs.
2. Atos (Niche Quadrant)
Gartner's Strengths:
- Atos supports customers that need a service provider to perform security monitoring and management where Atos acts as an extension of a customer's security capabilities with minimal direction.
- Atos has access to high-profile digital business projects at large enterprises because of its broader IT services engagements — many MSS competitors do not have this level of access and visibility to transformational technology projects.
- Atos has a variety of alliances and partnerships with security technology vendors to deliver its device management and security monitoring offerings.
- Atos' MSS portal has limited customer self-service options, threat intelligence integration and reporting, as Atos relies on dedicated security managers assigned to customers to support those functions.
- Atos' advanced threat detection capabilities rely on its endpoint and network security services, supported by its SIEM service for security monitoring. Atos has announced new big data-based security analytics capabilities for MSS to be delivered in 2017 that leverage vendor partnerships and its own proprietary hardware and software solutions.
- Atos is rarely mentioned by Gartner clients interested in MSSs.
3. BAE Systems (Niche Quadrant)
Gartner's Strengths:
- BAE Systems has experience with big data platforms and advanced analytics, which is employed across multiple services and solutions for advanced threat defense, as well as financial crime and fraud detection/prevention.
- BAE Systems has multiple options for instrumenting an organization, including its own network monitoring appliance and endpoint detection and response (EDR) agent, as well as partnerships with EDR vendors like Carbon Black, which are used to deliver security monitoring services as well as managed detection and response-type services.
- The vendor is an experienced defense contractor that has developed tradecraft for addressing advanced targeted attacks, which influences its advanced threat detection and threat intelligence offerings.
- Customers give generally positive feedback about BAE Systems for the sales, execution and MSS delivery phases.
- BAE Systems is still working to integrate the service and customers acquired as part of its purchase of SilverSky in 2014. Potential buyers should validate the impact of any changes to its platform and the technologies used to deliver the services.
- The MSS portal capabilities favor the enterprise customer with sufficient staff dedicated to receiving and investigating potential incidents alerted by BAE Systems' SOCs. BAE Systems plans to deploy a new portal in 2017 to unify its offerings and introduce new features and capabilities. Potential buyers should understand which portal they will use and the impact if they need to migrate from the legacy portal to the new portal.
- BAE Systems is rarely mentioned in MSS vendor shortlist discussions with Gartner clients.
4. BT (Challengers Quadrant)
Gartner's Strengths:
- BT offers all MSSs and related offerings from a single, integrated business unit, providing a single source for enterprises, especially those with existing BT relationships, seeking security services delivered by a single provider.
- BT uses a variety of partnerships with security technology and service vendors to deliver its device management, security monitoring and threat intelligence offerings.
- The vendor's customers give good marks for most elements across the acquisition, implementation and delivery of MSSs.
- BT's portal is focused on features for enterprise technical security staff, with fewer features and capabilities compared to many MSS competitors' portals. A new portal is planned for release in 2017 that will add new features and capabilities.
- BT's offerings are focused on network-based security controls and event sources. Buyers seeking endpoint, platform and application security event monitoring may require customized services.
- Buyers seeking advanced threat detection capabilities must purchase and deploy BT's ACP solution, typically in conjunction with BT Assure Cyber security consulting. BT is integrating Assure Threat Monitoring into its Assure Cyber portfolio in 2017.
- BT's customer visibility is high in Europe, but it is less visible with MSS buyers in other regions.
5. CenturyLink (Niche Quadrant)
Gartner Strengths:
- CenturyLink's enterprise and midmarket customers for network, cloud and platform services can augment security monitoring requirements with CenturyLink via their MSSs.
- CenturyLink's rationalization of security services across its lines of business has enabled a more focused and consistent delivery of MSSs.
- CenturyLink recently introduced a new version of its customer portal with an improved interface and features, which is available now to U.S. customers and will be rolled out globally in 2017.
- Customers give good marks for CenturyLink's delivery of MSSs.
- CenturyLink trails competitors in support for advanced threat detection and advanced analytics. User and entity behavior analytics (UEBA) capabilities are planned for 2017.
- The vendor's 24/7 SOC services are only available from a U.S.-based SOC. Customers in other regions with requirements for local 24/7 SOC support must request custom services until CenturyLink upgrades availability in 2017.
- CenturyLink announced the acquisition of Level 3 Communications in October 2016. Existing MSS customers and potential buyers should monitor the situation for any changes to its MSS offerings.
- CenturyLink rarely appears on Gartner clients' shortlists for MSSs.
6. CSC (Challengers Quadrant)
Gartner's Strengths:
- CSC has strong integration with ServiceNow, including its Security Incident Response application, after CSC's acquisition of Fruition Partners.
- CSC's Audit Log Assurance (ALA) offering supports buyers that require centralized audit log collection and compliance reporting across a variety of regulations, and mandates across on-premises assets and public and private cloud environments.
- CSC's security expertise supports its strong presence in the international public sector, financial services, insurance and critical infrastructure industries.
- CSC's Pulse portal lacks features compared to those from competing MSSPs. It is oriented toward enterprises leveraging CSC for security device and application management services, while the security event investigation and workflow capabilities are lacking. CSC has plans to introduce a new portal in 2017.
- In May 2016, CSC announced its intent to merge with the Enterprise Services division of Hewlett Packard Enterprise (HPE). Buyers should monitor the situation as HPE has a competing MSS offering in the Enterprise Services unit, and the two units will need to be assessed for effectiveness and cost consolidation.
- CSC is rarely included on Gartner commercial clients' shortlists for stand-alone MSS deals.
7. HCL (Niche Quadrant)
Gartner Strengths:
- HCL Technologies is competitive when offering MSS as part of a broader IT outsourcing deal, both for prospective and existing customers.
- The vendor has strong partnerships with security technology vendors for product procurement and implementation that can be leveraged by MSS customers.
- Its MSS delivery approach is customizable to customers' requirements and existing security technology solutions.
- HCL Technologies' portal provides basic incident investigation, workflow and reporting functions.
- The vendor's capabilities for advanced threat detection and analytics are less developed compared to its competitors.
- HCL Technologies is rarely mentioned in Gartner client inquiries for MSS, and it has more visibility for dedicated security outsourcing models (such as managed SIEM) than for MSS.
8. HP Enterprise (Challengers Quadrant)
Gartner's Strengths:
- HPE has multiregional MSS and consulting delivery resources, and support capabilities for large service engagements.
- The vendor's broad technology and service delivery options enable extensively customized MSS engagements, including technology bundling and hybrid delivery options (e.g., co-managed SIEM for ArcSight and other SIEM vendors).
- HPE's standardization on components of the HPE Security ArcSight platform for global MSSs brings consistency to its shared delivery platform capabilities.
- Its partnership with FireEye for incident response services brings recognized advanced threat detection and incident response capabilities to HPE's existing MSSs.
- The current HPE MSS portal lacks several features that are available in competitors' portals, especially in asset and vulnerability details, self-service reporting capabilities, and integration with customer ticketing systems. HPE states that customers will have access to a new portal in 1Q17 that will add many of these capabilities.
- HPE Security Services delivers a range of security monitoring options, ranging from remote MSS to dedicated managed SIEM, which can be confusing for buyers because of the way these offerings are positioned. Prospective MSS buyers, particularly those procuring MSS as part of broader IT outsourcing deals, should evaluate the service delivery model being positioned to them.
- As HPE shifts MSS to a consumption-based model — priced according to the number of security devices and data sources, and monthly data usage — prospective MSS customers should validate assumptions about security data volume in the anticipated scope of services, and understand the impact of higher- or lower-than-planned-for volume on service delivery and pricing.
- Customers with contracts up for renewal in 2017 and potential MSS buyers will need to evaluate any changes in personnel and service delivery models as a result of the upcoming merger between HPE Enterprise Services and CSC.
9. IBM (Leaders Quadrant)
Gartner Strengths:
- IBM is a large, mature provider of security and IT services and products, with global delivery capabilities.
- It has a full-featured portal, with new features like Watson-driven automated chat capabilities and an SOC analyst reservation system for scheduling device and policy changes. The portal also leverages the QRadar management console for functionality such as log management, searches and reporting.
- IBM acquired Resilient Systems in April 2016, bringing options to MSS buyers that want to leverage a security incident response platform tool.
- Customers generally give good marks for IBM's ability to deliver core MSS capabilities.
- Gartner clients often include IBM in competitive MSS evaluations, and the vendor has high visibility for MSS in all geographic regions.
- Gartner clients, especially midmarket clients, report challenges engaging with the IBM sales processes, and obtaining timely and responsive MSS bids.
- IBM is in the process of transitioning customers to its new QRadar platform. Current customers should monitor their migration path and plan appropriately for the move.
- IBM's advanced threat detection offerings rely on using IBM's QRadar SIEM modules and other partners, like Carbon Black. Buyers with existing UEBA or forensics products may require on-premises deployments or that custom services be developed.
- IBM's move toward "QRadar anywhere" for MSSs should be monitored by potential buyers to ensure they are being oriented toward the best option for their organizations' use cases, maturity, geographic footprint and size.
10. NTT Security (Challengers Quadrant)
Gartner Strengths:
- The features of the current MSS customer portal from Solutionary, and the WideAngle analyst workbench and its proprietary SIEM platform, offer a strong set of capabilities for integration into a unified platform.
- MSSs that had been delivered via the NTT operating companies, and which are now consolidated in NTT Security, get generally positive reviews from Gartner clients.
- NTT operating companies provide broad geographic coverage for selling MSS, and can bundle MSS with a wide range of security service offerings and delivery options, including broader telecommunications and IT infrastructure service offerings.
- MSS will be sold, and customer relationships managed, by NTT operating companies and their strategic partners, with services delivered by NTT Security. Current and prospective MSS customers must ensure that there is a well-understood and efficient process to handle business and technical issues.
- NTT Security must successfully execute the integration of two existing MSS delivery platforms and portals, development of a new customer portal, and eventual migration of existing MSS customers from three platforms to the new unified platform. MSS customers should get assurances from their NTT operating company provider regarding the availability of current MSS capabilities and roadmaps for enhancements.
- NTT Security is moving its dedicated, specialized security sales team to the NTT operating companies for MSS sales and customer relationship management. This may create misalignment among NTT Security marketing and product management and development functions, which should be monitored by MSS customers.
11. Orange Business Services (Niche Quadrant)
Gartner Strengths:
- Orange offers a broad range of network and IT services that can be bundled with MSSs.
- The vendor can provide good device management services for large global enterprises with distributed data center and branch locations.
- Customers give good marks for Orange's MSSs, especially for network and security device management.
- The Orange MSS portal (there is a separate IT services management portal) continues to lag behind those of competitors in supporting day-to-day investigation of security events. There is limited context and navigation capability, and customers seeking to investigate log data directly must be granted access to the console of the SIEM platform used with that customer.
- Orange has less mature capabilities in providing advanced attack analytics as part of its MSS, and also in using analytics and big data technologies to underpin service delivery.
- Orange rarely appears on Gartner clients' shortlists for MSS procurement, and it has limited MSS market visibility outside of its network service customer base.
12. SecureWorks (Leaders Quadrant)
Gartner Strengths:
- SecureWorks is highly visible with Gartner clients considering MSS, and is frequently included in competitive MSS deals by both midmarket and enterprise buyers based in North America. It also has good visibility with European and Australian customers.
- Gartner customers give positive feedback for SecureWorks' MSS delivery, security expertise and relationship management.
- SecureWorks' addition of native support for monitoring activity in AWS will appeal to buyers looking for less complex monitoring options of public cloud environments.
- SecureWorks offers a standard incident response retainer that is used by customers to ensure continuity of support, from alert detection to incident investigation and remediation.
- The SecureWorks MSS portal offers extensive access to event data, supporting context, threat intelligence and reporting.
- Over the last 12 months, midmarket and small-enterprise Gartner clients have increasingly reported dissatisfaction with SecureWorks' MSS delivery and postsales experience. Potential buyers should do a proof of concept (POC) to confirm that the service will integrate appropriately with their security teams' processes and procedures.
- SecureWorks continues to lack visibility in markets beyond North America, Europe and Australia for MSSs. Its consulting practice has higher visibility outside of North America and Europe.
- Gartner clients have increasingly reported that SecureWorks' pricing is more expensive relative to other MSSPs.
13. Symantec (Leaders Quadrant)
Gartner Strengths:
- The Symantec MSS portal is full-featured, with support for alert assessment and investigation, workflow, log search, and reporting.
- Symantec offers an enterprisewide licensing approach based on per-data-source (node) pricing.
- MSS customers indicate that the DeepSight Intelligence service threat feeds and intelligence reports are differentiators of Symantec's services. Symantec's acquisition of Blue Coat provides an additional source of threat and malware intelligence.
- The Blue Coat acquisition provides the opportunity for Symantec MSS to offer enhanced capabilities, such as network forensics and monitoring of SaaS environments.
- Gartner clients often consider Symantec's MSS offerings in competitive evaluations.
- Unlike most MSSPs, Symantec offers only limited device management services, primarily for IDPS, and not for other security controls. Prospective customers seeking those services in addition to monitoring must anticipate working with Symantec partners.
- Symantec's services for endpoint threat detection and response are evolving. Customers using EDR products from competitors should confirm Symantec's long-term plans.
- As Symantec completes the integration with Blue Coat, buyers should perform due diligence to confirm long-term support for MSSs.
14. Trustwave (Challengers Quadrant)
Gartner Strengths:
- Trustwave is a good option for customers that need both products and services from a single provider, as the vendor has several competitive security software- and hardware-based platforms.
- Advanced threat detection as a turnkey service is available using a variety of EDR technologies.
- Trustwave SpiderLabs' security research and threat intelligence is used to provide protective and detective capabilities to the Trustwave products used in MSS, and to SOC analysts monitoring customer devices.
- Trustwave has moderate visibility with Gartner clients looking to purchase MSSs.
- Trustwave lags behind other MSSPs in employing advanced analytics technologies and methods to help SOC analysts and customers identify advanced, targeted attackers.
- Trustwave's updated MSS portal has improved incident views/alerting and workflow, but asset data capture/import, reporting features and self-service options are still limited.
- As Trustwave continues to add support for third-party security technologies, customers should validate when and to what extent the security products they have deployed will be fully supported by Trustwave MSSs.
15. Verizon (Leaders Quadrant)
Gartner Strengths:
- Verizon's position as a telecommunications service provider brings additional network-based MSS offerings for networks and internet service customers through enhanced data acquisition and analysis of customer network traffic and premises-based device logs.
- Buyers looking for an MSSP that offers end-to-end threat detection and response — monitoring through to incident and breach response services — will benefit from Verizon's experienced, and MSS-integrated, RISK team.
- Verizon MSS is very visible among Gartner clients, and is often included in competitive MSS evaluations.
- With the introduction of volume-based licensing by Verizon, MSS buyers should have a solid understanding of their potential data volumes, both at the start of the engagement and going forward in the future. Buyers should also confirm how overages above their licensed capacity will impact the costs to the service from unanticipated spikes in log event volumes.
- While Verizon's new MSS Analytics platform can monitor events from endpoint security solutions, it does not yet have a turnkey, host-based advanced threat detection service similar to several competitors.
- Verizon is still in the process of moving customers to its new unified portal and back end. Current customers should monitor and plan for the migration. New customers can use features from either the legacy or unified portal until existing customers are migrated.
16. Wipro (Niche Quadrant)
Gartner Strengths:
- Wipro's MSS delivery approach is highly customizable to customers' requirements and existing technology solutions, but can also bring preferred partner solutions to a customer as needed.
- Wipro supports native and well-integrated security event collection for leading public cloud service providers (AWS and Microsoft Azure), in addition to leading SaaS vendors (Office 365, Salesforce).
- Wipro has made strategic investments through its venture capital arm in new security products, such as Vectra Networks and IntSights, which have been adopted by its MSS offerings (e.g., Threat Hunting as-a-Service).
- Wipro's CDC portal does not provide several self-service capabilities, such as account creation and management, which must be managed by Wipro SOC analysts. The CDC portal also lags some MSSP competitors for ease of use, especially in investigating and validating alerts raised by the Wipro SOC.
- Wipro rarely appears on Gartner clients' shortlists for stand-alone MSS deals.